Merge branch 'main' into docs-editor/fixed-reported-inaccuracies-1742387410

Author: denisebmsft

.openpublishing.redirection.defender-endpoint.json

@@ -82,8 +82,8 @@
     },
     {
       "source_path": "defender-endpoint/linux-support-rhel.md",
-      "redirect_url": "/defender-endpoint/comprehensive-guidance-on-linux-deployment",
-      "redirect_document_id": true
+      "redirect_url": "/defender-endpoint/linux-installer-script",
+      "redirect_document_id": false
     },
     {
       "source_path": "defender-endpoint/pilot-deploy-defender-endpoint.md",
@@ -105,10 +105,20 @@
       "redirect_url": "/defender-endpoint/overview-client-analyzer",
       "redirect_document_id": false
     },
+    {
+      "source_path": "defender-endpoint/schedule-antivirus-scan-in-mde.md",
+      "redirect_url": "/defender-endpoint/schedule-antivirus-scan-anacron",
+      "redirect_document_id": true
+    },
     {
       "source_path": "defender-endpoint/comprehensive-guidance-on-linux-deployment.md",
       "redirect_url": "/defender-endpoint/linux-installer-script",
       "redirect_document_id": true
-    }    
+    },
+    {
+      "source_path": "defender-endpoint/linux-schedule-scan-mde.md",
+      "redirect_url": "/defender-endpoint/schedule-antivirus-scan-crontab",
+      "redirect_document_id": true
+    } 
   ]
 }

ATPDocs/remove-rbcd-microsoft-entra-seamless-single-sign-on-account.md

@@ -2,7 +2,7 @@
 title: 'Security assessment: Remove Resource Based Constrained Delegation for Microsoft Entra seamless SSO account'
 description: This article describes Microsoft Defender for Identity's Microsoft Entra Seamless Single sign-on (SSO) account with Resource Based Constrained Delegation (RBCD) applied security posture assessment report.
 author: RonitLitinsky
-ms.author: t-rlitinsky
+ms.author: rlitinsky
 ms.service: microsoft-defender-for-identity
 ms.topic: article
 ms.date:     08/22/2024

CloudAppSecurityDocs/activity-filters-queries.md

@@ -35,7 +35,7 @@ Below is a list of the activity filters that can be applied. Most filters suppor
 - Administrative activity – Search only for administrative activities.
 
   >[!NOTE]
-  > Defender for Cloud Apps can't mark Google Cloud Platform (GCP) administrative activities as administrative activities.
+  > Defender for Cloud Apps classifies all GCP activities as administrative activities.
 
 - Alert ID - Search by alert ID.
 

CloudAppSecurityDocs/cas-compliance-trust.md

@@ -29,7 +29,7 @@ Defender for Cloud Apps operates in the Microsoft Azure data centers in the foll
 |---------|---------|
 |**Customers whose tenants are provisioned in the United States**     |  United States       |
 |**Customers whose tenants are provisioned in the European Union or the United Kingdom**     |    Either the European Union and/or the United Kingdom      |
-|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned    |
+|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned.    |
 
 In addition to the locations above, the App Governance features within Defender for Cloud Apps operate in the Microsoft Azure data centers in the following geographical regions listed below. Customer with App Governance enabled will have data stored within the data storage location the customer provisions in above, and in a second data storage location as described below: 
 
@@ -45,7 +45,7 @@ In addition to the locations above, the App Governance features within Defender
 | **Customers whose tenants are provisioned in Japan** | Japan  |
 | **Customers whose tenants are provisioned in India** | India  |
 | **Customers whose tenants are provisioned in Asia Pacific**  | Asia Pacific  |
-|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned   |
+|**Customers whose tenants are provisioned in any other region**     |     The United States and/or a data center in the region that's nearest to the location of where the customer's Microsoft Entra tenant has been provisioned.   |
 
 Customer data collected by Defender for Cloud Apps is either stored in your tenant location, as described in the previous tables, or in the geographic location of another online service that Defender for Cloud Apps shares data with, as defined by the data storage rules of that online service.
 
@@ -71,4 +71,4 @@ Defender for Cloud Apps shares data, including customer data, among the followin
 
 ## Related content
 
-For more information, see the [Microsoft Service Trust portal](https://www.microsoft.com/en-us/trust-center/product-overview).
+For more information, see the [Microsoft compliance offerings](/compliance/regulatory/offering-nist-sp-800-171).

CloudAppSecurityDocs/discovery-kubernetes.md

@@ -38,7 +38,7 @@ This article describes how to configure automatic log upload for continuous repo
 1. Run the helm command using the following syntax:
 
     ```AzureCLI
-    helm install <release-name> oci://agentspublic.azurecr.io/logcollector-chart --version 1.0.0 --set inputString="<generated id> ",env.PUBLICIP="<public ip>",env.SYSLOG="true",env.COLLECTOR="<collector-name>",env.CONSOLE="<Console-id>",env.INCLUDE_TLS="on" --set-file ca=<absolute path of ca.pem file> --set-file serverkey=<absolute path of server-key.pem file> --set-file servercert=<absolute path of server-cert.pem file> --set replicas=<no of replicas> --set image.tag=0.272.0
+    helm install <release-name> oci://mcr.microsoft.com/mcas/helmchart/logcollector-chart --version 1.0.5 --set inputString="<generated id> ",env.PUBLICIP="<public ip>",env.SYSLOG="true",env.COLLECTOR="<collector-name>",env.CONSOLE="<Console-id>",env.INCLUDE_TLS="on" --set-file ca=<absolute path of ca.pem file> --set-file serverkey=<absolute path of server-key.pem file> --set-file servercert=<absolute path of server-cert.pem file> --set replicas=<no of replicas> -n <namespace>
     ```
 
     Find the values for the helm command using the docker command used when the collector is configured. For example:

CloudAppSecurityDocs/protect-office-365.md

@@ -96,7 +96,8 @@ Defender for Cloud Apps integrates directly with [Microsoft 365's audit logs](/m
 - Events from **Exchange**, **Power BI**, and **Teams** will only appear after activities from those services are detected in the portal.
 
 
-- [Multi-geo deployments](/microsoft-365/enterprise/microsoft-365-multi-geo) are only supported for OneDrive
+- [Multi-geo deployments](/microsoft-365/enterprise/microsoft-365-multi-geo) are only supported for OneDrive.
+- Events from **Exchange** reflect the actor, which is either the application or the user, that performed the action.
 
 ### Microsoft Entra integration
 
@@ -153,12 +154,12 @@ This section provides instructions for connecting Microsoft Defender for Cloud A
 1. After Microsoft 365 is displayed as successfully connected, select **Done**.
 1. In the Microsoft Defender Portal, select **Settings**. Then choose **Cloud Apps**. Under **Connected apps**, select **App Connectors**. Make sure the status of the connected App Connector is **Connected**.
 
-SaaS Security Posture Management (SSPM) data is shown in the Microsoft Defender Portal on the **Secure Score** page. For more information, see [Security posture management for SaaS apps](/defender-cloud-apps/security-saas).
+    SaaS Security Posture Management (SSPM) data is shown in the Microsoft Defender Portal on the **Secure Score** page. For more information, see [Security posture management for SaaS apps](/defender-cloud-apps/security-saas).
 
-> [!NOTE]
-> After connecting Microsoft 365, you will see data from a week back including any third-party applications connected to Microsoft 365 that are pulling APIs. For third-party apps that weren't pulling APIs prior to connection, you see events from the moment you connect Microsoft 365 because Defender for Cloud Apps turns on any APIs that had been off by default.
+    > [!NOTE]
+    > After connecting Microsoft 365, you will see data from a week back including any third-party applications connected to Microsoft 365 that are pulling APIs. For third-party apps that weren't pulling APIs prior to connection, you see events from the moment you connect Microsoft 365 because Defender for Cloud Apps turns on any APIs that had been off by default.
 
-If you have any problems connecting the app, see [Troubleshooting App Connectors](troubleshooting-api-connectors-using-error-messages.md).
+    If you have any problems connecting the app, see [Troubleshooting App Connectors](troubleshooting-api-connectors-using-error-messages.md).
 
 ## Next steps
 

CloudAppSecurityDocs/troubleshooting-api-connectors-using-error-messages.md

@@ -1,10 +1,10 @@
 ---
-title: Troubleshoot App Connector error messages 
+title: Troubleshoot App Connector errors 
 description: This article provides a list of API App connector error messages as well as resolution recommendations for each.
 ms.date: 01/29/2023
 ms.topic: conceptual
 ---
-# Troubleshooting App Connector error messages
+# Troubleshooting App Connector errors
 
 
 
@@ -14,6 +14,9 @@ This article provides a list of API App connector error messages and resolution
 
 App connector errors can be seen in the app connector dialog after attempting to connect a cloud app using the API App connector.
 
+> [!NOTE]
+> If a connector experiences a failure or disconnection, a system alert will be generated. To resume normal operations and maintain connectivity, reconnect the connector on the connectors page.
+
 > [!div class="mx-tableFixed"]
 >
 > |Error message|Relevant app|Description|Resolution|

defender-business/mdb-faq.yml

@@ -10,7 +10,7 @@ metadata:
   ms.topic: faq
   ms.service: defender-business
   ms.localizationpriority: medium
-  ms.date: 01/02/2024
+  ms.date: 03/19/2024
   ms.reviewer: efratka, nehabha
   f1.keywords: NOCSH
   ms.collection:
@@ -157,7 +157,7 @@ sections:
           | Cross-platform support <br/>(Mac, iOS, Android)| ✔ | ✔ | ✔ |
           | Windows Server and Linux Server <br/>(requires server licenses) | ✔  | ✔ | ✔ |
           | Microsoft Threat Experts | | | ✔ |
-          | Microsoft 365 Lighthouse <br/>(optimized; for CSPs only) | ✔ | | |
+          | Microsoft 365 Lighthouse <br/>(optimized; for CSPs only) | ✔ | ✔ | ✔ |
           | Microsoft Defender multi-tenant management | ✔ | ✔ | ✔ |
           | APIs | ✔  | ✔ | ✔ |
 

defender-endpoint/TOC.yml

@@ -294,9 +294,11 @@
               - name: Configure antivirus scans
                 items:
                 - name: Schedule antivirus scans using Anacron
-                  href: schedule-antivirus-scan-in-mde.md
+                  href: schedule-antivirus-scan-anacron.md
                 - name: Schedule antivirus scans using Crontab
-                  href: linux-schedule-scan-mde.md
+                  href: schedule-antivirus-scan-crontab.md
+              - name: Network protection for Linux
+                href: network-protection-linux.md
               - name: Configure and validate exclusions on Linux
                 href: linux-exclusions.md
               - name: Configure eBPF-based sensor
@@ -329,8 +331,9 @@
                 href: ios-install-unmanaged.md
             - name: Configure Mobile Threat Defense
               items:
-              - name: New user experiences in Defender for Endpoint on iOS
-                href: ios-new-ux.md
+              - name: User experiences in Defender for Endpoint on Android
+                href: android-new-ux.md
+              - name: User experiences in Defender for Endpoint on iOS
               - name: Mobile device resources for Defender for Endpoint 
                 href: mobile-resources-defender-endpoint.md
               - name: Configure Defender for Endpoint on Android features
@@ -700,8 +703,6 @@
           href: evaluate-network-protection.md
         - name: Turn on network protection
           href: enable-network-protection.md
-        - name: Network protection for Linux
-          href: network-protection-linux.md
         - name: Network protection for MacOS
           href: network-protection-macos.md
       - name: Web protection

defender-endpoint/access-mssp-portal.md

@@ -3,8 +3,8 @@ title: Access the Microsoft Defender XDR MSSP customer portal
 description: Access the Microsoft Defender XDR MSSP customer portal
 ms.service: defender-endpoint
 ms.subservice: onboard
-ms.author: deniseb
-author: denisebmsft
+ms.author: ewalsh
+author: emmwalshh
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -13,7 +13,7 @@ ms.collection:
 - tier3
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 12/18/2020
+ms.date: 03/21/2025
 ---
 
 # Access the Microsoft Defender XDR MSSP customer portal
@@ -26,7 +26,7 @@ ms.date: 12/18/2020
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630&clcid=0x409&culture=en-us&country=us)
+> Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://go.microsoft.com/fwlink/p/?linkid=2225630)
 
 > [!IMPORTANT]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.